Cisco ASA 5510 access http ssh

Getting access to your precious Cisco ASA 5510 firewall via SSH or HTTP seems to be an easy task. But sometimes it turns into a dilemma.

SSH Access:

Access your firewall via terminal and configure your management link port:

!
interface Management0/0
 speed 100
 duplex full
 nameif MGMTLINK
 security-level 100
 ip address 192.168.73.250 255.255.255.128
 management-only

Now it is necessary to create a user:

username admin password cisco

Next, SSH access needs to be configured:

! AAA will be configured to do the user authentication
ASA_5510(config)# aaa authentication ssh console LOCAL
! Permit SSH access to the firewall from the specified IP or subnet on the MGMTLINK interface
ASA_5510(config)# ssh 192.168.0.0 255.255.255.0 MGMTLINK
! Add a domain name, needed for the RSA key generation. Any name will do; it is only relevant for the certificate
ASA_5510(config)# domain-name TEST.ORG
ASA_5510(config)# crypto key generate rsa modulus 2048

Now you are able to access your Cisco ASA via the management IP address.

HTTP

Usually this works out of the box. But to be sure, the following entries should also be configured:

aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.0.0 MGMTLINK

 

Remark:

I have a whole bunch of networks in the 192.168.0.0/16 area. This is the reason why I did not specify the IP addresses further. To be sure, and in a production environment, bring it as close as possible to your admin workstation IP address.
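To check how wide the ssh and http source ranges in a saved configuration really are, the following added example (not part of the original post) parses those lines and reports the number of permitted addresses per rule, and whether the range covers the subnet of the named interface. The function name audit and the max_hosts threshold are assumptions; the sample input is constructed from the lines shown on this page.

```python
import ipaddress
import re

# Constructed sample: the management-access lines from this page.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif MGMTLINK
 ip address 192.168.73.250 255.255.255.128
ssh 192.168.0.0 255.255.255.0 MGMTLINK
http server enable
http 192.168.0.0 255.255.0.0 MGMTLINK
"""

RULE = re.compile(r"^(ssh|http)\s+(\d[\d.]+)\s+(\d[\d.]+)\s+(\S+)\s*$")
ADDR = re.compile(r"^\s*ip address\s+(\d[\d.]+)\s+(\d[\d.]+)")
NAMEIF = re.compile(r"^\s*nameif\s+(\S+)")


def audit(config, max_hosts=256):
    """One finding per ssh/http source rule; max_hosts is an assumed threshold."""
    ifaces, name, findings = {}, None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # new interface block, forget the previous nameif
        elif m := NAMEIF.match(line):
            name = m.group(1)
        elif (m := ADDR.match(line)) and name:
            ifaces[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    for line in config.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # skips e.g. "http server enable"
        proto, net, mask, iface = m.groups()
        src = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        local = ifaces.get(iface)
        findings.append({
            "rule": line.strip(),
            "proto": proto,
            "source": str(src),
            "addresses": src.num_addresses,
            "too_broad": src.num_addresses > max_hosts,
            # True when hosts attached directly to that interface are permitted.
            "covers_local_subnet": bool(local and local.subnet_of(src)),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A rule narrowed to a single admin workstation shows up with addresses equal to 1.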